0

ファイルIOの作業を行うASP.Netページがあります。Webブラウザー、つまりchromeから要求すると成功しますが、アプリケーションのWebClientインスタンスから要求すると、「System.Security.SecurityException」が発生します。2つのリクエストに大きな違いはありますか?このページをWebクライアント内から機能させるには、code-access-securityについて何を知っておく必要がありますか?

生のフィドラーのリクエストとレスポンスは次のとおりです。

ブラウザのリクエスト:

GET http://192.168.1.89/QuickCutConsoleDataProvider/UpdateItemFiles.aspx HTTP/1.1
Host: 192.168.1.89
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

ブラウザの応答:

HTTP/1.1 200 OK
Via: 1.1 PHOBOS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 35189
Date: Tue, 14 Dec 2010 14:08:46 GMT
Content-Type: application/zip
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

... Binary Content ...

Webクライアントリクエスト:

POST http://192.168.1.89/QuickCutConsoleDataProvider/UpdateItemFiles.aspx?Guid=e30e1826-3d96-4769-a540-acd911cccf02 HTTP/1.1
Content-Type: multipart/form-data; boundary=---------------------8cd697dcbf75ed4
Host: 192.168.1.89
Content-Length: 303
Expect: 100-continue

-----------------------8cd697dcbf75ed4
Content-Disposition: form-data; name="file"; filename="Catalog.xml"
Content-Type: application/octet-stream

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<catalog version="1.0">
  <items />
</catalog>
-----------------------8cd697dcbf75ed4--

Webクライアントの応答(例外):

HTTP/1.1 200 OK
Via: 1.1 PHOBOS
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Content-Length: 1244
Date: Tue, 14 Dec 2010 14:12:34 GMT
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
Cache-Control: private
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET

<error type="System.Security.SecurityException">
  <message>Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.</message>
  <stack-trace><![CDATA[   at System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet)
   at System.Security.CodeAccessPermission.Demand()
   at System.IO.File.GetLastWriteTimeUtc(String path)
   at Ionic.Zip.ZipEntry.Create(String nameInArchive, ZipEntrySource source, Object arg1, Object arg2)
   at Ionic.Zip.ZipEntry.CreateFromFile(String filename, String nameInArchive)
   at Ionic.Zip.ZipFile.AddFile(String fileName, String directoryPathInArchive)
   at Ionic.Zip.ZipFile.AddFile(String fileName)
   at MyApplication.UpdateItemFiles.GetUpdateContent(XDocument a_xManifest, Stream[] a_arrExtraContent) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 282
   at MyApplication.UpdateItemFiles.Page_Load(Object sender, EventArgs e) in C:\Software\MyApplication\Alpha\Web Interface\UpdateItemFiles.aspx.cs:line 31]]></stack-trace>
  <inner-exception>null</inner-exception>
</error>
4

2 に答える 2

0

これはまだWindows認証で実行されていますが、変更したと思われます。なりすましもオンになっているに違いない。

認証を再確認してください。IO操作を実行しているときに、現在のIDをログに記録するためのデバッグコードをいくつか吐き出します。

于 2010-12-13T22:32:40.473 に答える
0

The problem had nothing to do with IIS authentication. It was the Zip library I was using, DotNetZip. CAS wasn't willing to give it File IO permissions. I finally had to proxy IO operations with file streams. The only downside is that ever file I wanted to add to the Zip archive, I had to leave a stream open until the archive was saved. They were file streams so there was very little memory used.

Someone mentioned WCF, and that would have been ideal, but the decision maker decided that that way was to expensive.

于 2010-12-15T14:11:46.163 に答える